From 4803d2c8560bd45dd2cac23710f5979fa47d9281 Mon Sep 17 00:00:00 2001
From: kelin
Date: Thu, 5 Feb 2026 12:36:19 -0500
Subject: [PATCH] Fix: Add multi-line secret sanitization to deployment script

Added Python script to automatically merge multi-line Authelia secrets (JWT_SECRET, SESSION_SECRET, STORAGE_ENCRYPTION_KEY) during core deployment. This prevents envsubst from reading truncated values when the .env file contains accidental line breaks. Fixes Authelia startup errors: - 'encryption key does not appear to be valid for this database' - Invalid URL parsing due to incomplete variable expansion
---
 scripts/ez-homelab.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/scripts/ez-homelab.sh b/scripts/ez-homelab.sh
index fca924b..51fbb3e 100755
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
@@ -874,6 +874,26 @@ deploy_core() {
 sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/docker-compose.yml
 sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/core/.env
+ # Fix multi-line secrets in .env file (merge split lines)
+ debug_log "Fixing multi-line secrets in .env file"
+ python3 << 'PYFIX'
+import sys
+with open('/opt/stacks/core/.env', 'r') as f:
+ lines = f.readlines()
+new_lines = []
+i = 0
+while i < len(lines):
+ if any(k in lines[i] for k in ['AUTHELIA_JWT_SECRET=', 'AUTHELIA_SESSION_SECRET=', 'AUTHELIA_STORAGE_ENCRYPTION_KEY=']):
+ if i + 1 < len(lines) and '=' not in lines[i+1] and lines[i+1].strip() and not lines[i+1].strip().startswith('#'):
+ new_lines.append(lines[i].rstrip('\n') + lines[i+1].lstrip())
+ i += 2
+ continue
+ new_lines.append(lines[i])
+ i += 1
+with open('/opt/stacks/core/.env', 'w') as f:
+ f.writelines(new_lines)
+PYFIX
+
 # Escape $ characters in password hashes to prevent Docker Compose variable substitution
 sed -i '/^AUTHELIA_ADMIN_PASSWORD_HASH=/ s/\$/\\$/g' /opt/stacks/core/.env
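Review bot: The key test `any(k in lines[i] for k in [...])` is a substring match, so a commented-out `#AUTHELIA_JWT_SECRET=` line, or a variable whose name only ends in one of these keys, also absorbs the line that follows it; anchoring with `lines[i].lstrip().startswith(keys)` keeps the merge from rewriting unrelated entries in the secrets file. Only one continuation line is merged, so a value broken into three pieces is still truncated when envsubst reads it, and the `'=' not in lines[i+1]` test skips any fragment containing `=`, which would include the padded tail of a base64-style secret (whether the secrets are generated that way is not visible in the hunk, and the sketch below keeps that test unchanged). The file is rewritten unconditionally with `open(..., 'w')`, which truncates the only copy before the new content is written, and the heredoc's exit status is not checked before the `sed` that follows; writing only when something was merged narrows that window. `import sys` is unused. deploy_core's body starts and ends outside the hunk.

```shell
# … unchanged: python3 << 'PYFIX' opening and reading lines from /opt/stacks/core/.env …
keys = ('AUTHELIA_JWT_SECRET=', 'AUTHELIA_SESSION_SECRET=', 'AUTHELIA_STORAGE_ENCRYPTION_KEY=')
new_lines = []
i = 0
while i < len(lines):
    line = lines[i]
    i += 1
    if line.lstrip().startswith(keys):
        # absorb every following fragment, not only the first one
        while i < len(lines):
            frag = lines[i].strip()
            if not frag or frag.startswith('#') or '=' in frag:
                break
            line = line.rstrip('\n') + lines[i].lstrip()
            i += 1
    new_lines.append(line)
# leave the secrets file untouched when nothing was merged
if new_lines != lines:
    with open('/opt/stacks/core/.env', 'w') as f:
        f.writelines(new_lines)
# … unchanged: PYFIX terminator …
```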